---
apiVersion: v1
kind: Service
metadata:
  name: alertmanager
  labels:
    app.kubernetes.io/name: alertmanager
    app.kubernetes.io/instance: alertmanager
spec:
  type: ClusterIP
  ports:
    - port: 9093
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: alertmanager
    app.kubernetes.io/instance: alertmanager
---
apiVersion: v1
kind: Service
metadata:
  name: alertmanager-headless
  labels:
    app.kubernetes.io/name: alertmanager
    app.kubernetes.io/instance: alertmanager
spec:
  clusterIP: None
  ports:
    - port: 9093
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: alertmanager
    app.kubernetes.io/instance: alertmanager
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: alertmanager
  labels:
    app.kubernetes.io/name: alertmanager
    app.kubernetes.io/instance: alertmanager
  annotations:
    reloader.stakater.com/auto: "true"
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: alertmanager
      app.kubernetes.io/instance: alertmanager
  serviceName: alertmanager-headless
  template:
    metadata:
      labels:
        app.kubernetes.io/name: alertmanager
        app.kubernetes.io/instance: alertmanager
    spec:
      securityContext:
        fsGroup: 65534
      initContainers:
        - name: init-configs
          image: busybox:1.34.1
          imagePullPolicy: "IfNotPresent"
          command:
            - sh
            - -c
            - |
              sed -e "s/\$SMTP_USER/$(echo $SMTP_USER)/" \
                  -e "s/\$SMTP_PASSWORD/$(echo $SMTP_PASSWORD)/" \
                  -e "s/\$BOT_TOKEN/$(echo $BOT_TOKEN)/" \
                  -e "s/\$CHAT_ID/$(echo $CHAT_ID)/" \
                  /config-tmpl/alertmanager.yml > /config/alertmanager.yml
              # cat /config/alertmanager.yml
              echo Done, exit code: $?
          envFrom:
            - secretRef:
                name: alertmanager
          volumeMounts:
            - name: config-tmpl
              mountPath: /config-tmpl
            - name: config
              mountPath: /config
      containers:
        - name: alertmanager
          securityContext:
            runAsGroup: 65534
            runAsNonRoot: true
            runAsUser: 65534
          image: quay.io/prometheus/alertmanager:v0.24.0
          imagePullPolicy: IfNotPresent
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.podIP
          args:
            - --storage.path=/alertmanager
            - --config.file=/etc/alertmanager/config/alertmanager.yml
          ports:
            - name: http
              containerPort: 9093
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /
              port: http
          readinessProbe:
            httpGet:
              path: /
              port: http
          resources:
            limits:
              cpu: 100m
              memory: 256Mi
            requests:
              cpu: 10m
              memory: 32Mi
          volumeMounts:
            - name: config
              mountPath: /etc/alertmanager/config
            - name: templates
              mountPath: /etc/alertmanager/templates
            - name: storage
              mountPath: /alertmanager
      volumes:
        - name: config-tmpl
          configMap:
            name: alertmanager-config
        - name: config
          emptyDir:
            medium: Memory
        - name: templates
          configMap:
            name: alertmanager-templates
  volumeClaimTemplates:
    - metadata:
        name: storage
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 50Mi
        storageClassName: managed-nfs-storage
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: alertmanager
  labels:
    app.kubernetes.io/name: alertmanager
    app.kubernetes.io/instance: alertmanager
  annotations:
    certmanager.k8s.io/cluster-issuer: monitoring-issuer
spec:
  ingressClassName: system-ingress
  tls:
    - hosts:
        - "am.kryukov.local"
      secretName: am-tls
  rules:
    - host: "am.kryukov.local"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: alertmanager
                port:
                  number: 9093